Spore is finally here. After how many years of waiting, Spore has landed. Or leaked out, or whatever. You see, it turns out that a group of stores in the land down under - Australia - started selling the game on September the First. Good for us, bad for EA. The early release meant that the RELOADED (?) group had plenty of time to crack the DRM on Spore and post it online. While I decided that I must procure a copy of this game to see if this is true, the Spore torrents are clogged by pesky leechers. GAH! So I’m stuck downloading from Rapidshare, which is dull. Hopefully I can convince a friend to purchase Spore and nick a copy off them, and apply the crack to that. Hopefully.
We’ve all had the experience of being confused by internet jargon and buzzwords, albeit ones created by the RuneScape generation, be it things like “Trad?” or the slightly more sophisticated “ERROR 42 - invalid …..”. Nevertheless, as the number of protocols we have to configure grows, so does the chance that someone else has misconfigured one of theirs, allowing you access. DMZ is one such protocol.
Technically it’s not a protocol, but I needed it to be to work with my introduction. DMZ stands for demilitarized zone, and ironically refers to a computer with no defences. It should be called the helpless zone. Unless your DMZ host is a computer with a good firewall, you are opening your network up to the whole world.
In order to exploit DMZ, the other computer must be running some form of server that you can exploit. Simple as that. The chance that you find something running on that server is higher - assuming they have no firewall, but anyone intelligent enough to work out how to set up DMZ and a server will probably have a firewall as well - and they show up brighter on the Nmap radar.
A useful trick to exploit DMZ for safety reasons is to have your DMZ pointing to a nonexistent IP. That way your network remains invisible to the online world. Unfortunately, aside from confusing people, it becomes difficult to find any meaningful use for DMZ. Sorry guys, better luck next time.
I acquired a packet of mints recently, a small packet with an interesting lid. If you press down on it, it bends inwards and you can take it off the packet. You then put it back, press the sides together and it snaps back into shape, locking the container again. This can be used as a weapon, if you hold the lid close to someone’s ear and then press the sides. Also - a quick examination of the ingredients list reveals that the mints contain a small portion of silicon dioxide, which - for the non-chemists - is the chemical formula for glass. Painful.
A question that is often asked is “Why the hell do we have so many ports?” Nobody is ever going to use all 63-thousand of them, so why so many? And which ones are useful? Mostly, if you’re reading this then you will be looking for something to exploit, something with less than perfect security. In that case, you don’t need to know what’s on every port, just what runs on the common ones.
First of all, the bad port: 554. I have no idea what runs on it, some Microsoft radio service. It’s not something that can be exploited, but if given the chance and included in a port scan it will take valuable time to resolve, all for a useless piece of information.
The good ports are much more interesting: port 80 means that either the victim has a webserver or an unsecured router - fun. Port 25 indicates an FTP server, which often goes paired with the unsecured router. Anything running on port 23 is fun, because port 23 is telnet. If you find something running a telnet server, try your hardest to get in, because telnet will allow you greater control of the victim’s computer than any other system - broadly speaking. Note, however, that telnet can sometimes be used as a command-line-only router configuration tool, in which case it becomes useless for hacking purposes.
Today my new toy arrived: a modified Asus Eee PC with a touch screen. They are, essentially, a very, very small computer. It’s just larger than a piece of A5 paper, and while the stats are understandably low, it still boasts an impressive 512 MB of RAM - that’s impressive in terms of the pre-Vista era, not impressive currently - which is the same as my desktop. It has no CD drive, which is irritating, but the main problem seems to be that the up arrow key and the shift key are right beside each other, so whenever I reach for a capital letter I start typing in the line above. I’m currently downloading eeeXubuntu to install over the current XP, which should raise its usability in terms of lag, as this box only has a 900 MHz processor.
Some more good news: the wireless card on the Eee PC is capable of packet injection - allowing for some fun hacking to be performed.
Heads up to all those from GTGIG. For those who don’t know what GTGIG is, it’s a web forum. People post things, other people argue about things, yet more people complain that the forum was better before these new kids showed up, etc. Anyways, every time anyone on that forum visits a specific page they get redirected here. I could also write one to steal cookies, but I can’t be stuffed (stealing cookies would allow me to get the stored passwords used to log into any sites they are currently on. Hax).
In the shortest possible form, there is a script hidden on the page which will redirect people to this page. This isn’t XSS. It could easily be XSS, if it linked to a script on another page. Whenever anyone views the compromised post, their browser reads <script language="javascript">…</script> and redirects them here.
For entertainment value, write a webpage that includes a looping JavaScript popup box (while (1==1) { alert("fail") }) and set it as someone’s homepage, then sit back and enjoy. Chaos is guaranteed. Plus, if you want to show off your 1337 haxor skills, do it to someone you like, then help them bypass the problem. If you can’t work out how to bypass it, have fun explaining it to your sysadmin.
I’m having a little moral dilemma here, people. Oddly enough, it’s not induced by the questionable ethics of hacking random people, but rather by which 3D modelling program to use. I have three choices: Maya, C4D, and Blender. Both Blender and Maya can run on Linux and Windows, which is a plus, while C4D is the better platform to work on - plus I am more familiar with C4D. It’s really just a debate about whether it’s better to use free software, which is easily available but harder to use, or the illegal pirated version of C4D.
One of the things that always irritates me when I finally find a vulnerable router and hack my way inside is the lack of easily exploited options. I mean, really. Why would you design a router and not include some simple options such as “open a root shell on the client machine”? That’s just irritating, and bad form on the part of the router’s designers. So what can you do on the inside?
One of the most fun things to do on your home network is to set up firewall rules to block their internet. This is much less fun on other people’s routers, as you can’t watch them stamp around and generally have a fit at broken computers and stupid internet, etc. You simply get their IP address and create a firewall rule dropping all incoming packets to that IP. Simple. It’s also useful if you’re hacking a remote router, as it will disable their internet without cutting off your access to their router.
What else can you do that’s fun? You could set up DMZ. DMZ stands for demilitarized zone. It means that everything - anything on any port - is forwarded to the entered IP. You could use this to allow access to a given machine on the network, and thus hack that with exploits, but if you do, remember to disable DMZ afterwards, otherwise your newly hacked box will still be vulnerable.
Unfortunately, that’s about the limit to what you can do with routers, to my knowledge. If anyone has any more fun ideas for things to do with unsuspecting victims and their routers, let me know. Otherwise, happy hacking!
Sometime earlier, in the realm of several days, a friend of mine challenged me to hack him. Being the kind person that I am, I agreed. Now, the only problem with this was the fact that no matter what I did, his router remained unavailable. Whenever I navigated to his IP, I would get a message saying that a network error (tcp_error) had occurred, followed by something about how the operation had timed out. Confused, I had a look at the traceroute to his IP.
Yep, the traceroute revealed a little problem with the internets: host qld.aanet.com.au was offline. Anything going through that server would be cut off, terminally. This really sucks, and my friend was getting impatient. What was wrong with this server? When I navigated to the address, I received a similar network error, this one caused by a “connection refused”. Fine, that server has issues. How could I bypass it? Proxies? They were tried to no avail. I did succeed in getting warnings that “this site had been blocked” in several different languages, including Chinese, Korean and Spanish. I refused to admit defeat, and instead shifted blame onto the ISP for qld.aanet. They have yet to reply.
While this is a stretch, is it possible that a few days after net neutrality is scrapped, lower quality bits of the internet start to drop away? I’m sitting on 30Kbs as a max speed here, and it sucks. =(. Could this be the first instance of ISPs dropping services to the unimportant? Because I have never seen anything like this before.
The first tool in any hacker’s toolkit is almost always a port scanner. For those who don’t know what a port scanner is, it is a program that looks at which ports are open or closed on lots of computers, really quickly. An open port means that there is some program running on that port on the other computer. What makes Nmap special is that it will tell you not only what port is open, but what program is running, what version the program is, and what operating system the computer is running. You can also get loads of other information, like what brand of computer it is. Additionally, Nmap can recognize printers, routers, etc. from how they behave.
How is this useful to a hacker? Well, if you know the program and version number then it is possible to exploit security failures in that program. Look up some exploits on Metasploit or milw0rm. There is a large availability of code that can be used if you know exactly what you’re attacking.
Go download Nmap, and then learn how to use it. Some useful command-line options:
- -T#. This sets the speed of the scan. Replace the # with a number from 1-5. Higher numbers mean faster results, but slower scans will be more accurate.
- -sV. This tells the program to search for version numbers. You can set the intensity from 1-9 with --version-intensity #.
- -F. This tells Nmap to limit its searches to common ports, like 80, 21, 553, etc. This will make the scan faster, but could easily miss something running on an unusual port.
- -v. Verbose. This means that Nmap will output more information about what it is doing. You can use it twice to get lots of information.
- -A. Scan for everything. This will automatically scan for operating system information, versions, open ports, NetBIOS information, everything.
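As an added example (not from the original post), a small Python script that reads Nmap’s grepable output (the -oG format) and flags the telnet, FTP and HTTP services the posts above single out, so you can audit your own network after a scan. The scan result embedded below is constructed, and its hostnames and version strings are made up.

```python
"""Flag legacy/plaintext services in Nmap grepable (-oG) output.
Added example, not from the original post. SAMPLE_GNMAP is a constructed scan
result; run `nmap -sV -oG scan.gnmap` on your own network and pass that text."""

# Services the posts single out as exposure risks: telnet (cleartext remote
# shell), FTP (cleartext credentials) and HTTP (often a router admin page).
RISKY_PORTS = {21: "ftp", 23: "telnet", 80: "http"}

# Constructed sample of -oG output: one "Host:" line per host, fields
# separated by tabs, and each port written as seven slash-separated fields
# port/state/protocol/owner/service/rpcinfo/version/ .
SAMPLE_GNMAP = (
    "# Nmap scan initiated as: nmap -sV -oG scan.gnmap 192.168.1.0/24\n"
    "Host: 192.168.1.1 (router)\tPorts: 23/open/tcp//telnet//Cisco telnetd/,"
    " 80/open/tcp//http//Cisco IOS http config/\tIgnored State: closed (998)\n"
    "Host: 192.168.1.20 (desktop)\tPorts: 445/open/tcp//microsoft-ds///,"
    " 135/open/tcp//msrpc//Microsoft Windows RPC/\tIgnored State: filtered (998)\n"
    "Host: 192.168.1.30 (nas)\tPorts: 21/open/tcp//ftp//vsftpd 2.0.5/,"
    " 22/open/tcp//ssh//OpenSSH 4.7/\tIgnored State: closed (998)\n"
    "Host: 192.168.1.40 ()\tStatus: Up\n"
    "# Nmap done -- 256 IP addresses (4 hosts up) scanned\n"
)

def parse_gnmap(text):
    """Yield (host, port, state, service, version) for every port listed."""
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the "# Nmap ..." comment lines
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        host = fields["Host"].split()[0]  # drop the "(hostname)" part
        for entry in fields.get("Ports", "").split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # hosts that are up but list no ports
            port, state, _proto, _owner, service, _rpc, version = parts[:7]
            yield host, int(port), state, service, version

def risky_services(text):
    """Return sorted [(host, port, description)] for open watch-list ports."""
    hits = []
    for host, port, state, service, version in parse_gnmap(text):
        if state == "open" and port in RISKY_PORTS:
            hits.append((host, port, version or service))
    return sorted(hits)

if __name__ == "__main__":
    for host, port, desc in risky_services(SAMPLE_GNMAP):
        print(f"{host}:{port} exposes {RISKY_PORTS[port]} ({desc})")
```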